Users of firefox please be advised of Multiple vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
MDVSA-2010:210: [MDVSA-2010:210] firefox - Multiple Issues
Problem Description:
Security issues were identified and fixed in firefox:
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
recognize a wildcard IP address in the subject's Common Name field of
an X.509 certificate, which might allow man-in-the-middle attackers
to spoof arbitrary SSL servers via a crafted certificate issued by
a legitimate Certification Authority (CVE-2010-3170).
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher
parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and
SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary
web script or HTML via a crafted name of a (1) file or (2) directory
on a Gopher server (CVE-2010-3177).Read more at www.criticalwatch.com
See this Amp at http://amplify.com/u/e298
No comments:
Post a Comment